...
- Secure encryption algorithms, chosen from the FIPS 140-2 cryptographic algorithms list
- The correct protection method for the type of information. A password must be protected one-way, using a hashing algorithm and a randomly generated number (salt). Medical data must be encrypted symmetrically in the database.
- A way to manage the encryption key lifecycle
- Sufficient random number generation

OWASP has a Cryptographic Storage Cheat Sheet where you can learn more about the rules listed above.
...